Brute force attack detected

Scenario

GuardDuty detected that one of the EC2 instances is being used to perform a brute force attack.

How do I investigate?

  • Navigate to GuardDuty in the Security Account and review the findings
  • Select the UnauthorizedAccess:EC2/RDPBruteForce finding and review the details
  • Click Learn More, or go to the Unauthorized Access EC2 RDP Brute Force documentation, and review how to remediate
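
The same review can be done on exported findings. The following is an added example, not part of the original workshop material: it filters a GuardDuty findings document for the RDP brute force type and flags instances whose resource role is ACTOR, which is the case in this scenario. The sample finding data (instance IDs, IP addresses, counts) is constructed, and the function name is hypothetical.

```python
import json

# Constructed sample in the shape of a GuardDuty GetFindings response.
# Instance IDs, IPs and counts are made up for illustration.
SAMPLE = json.loads("""
{"Findings": [
  {"Type": "UnauthorizedAccess:EC2/RDPBruteForce",
   "Resource": {"InstanceDetails": {"InstanceId": "i-0example0000000a"}},
   "Service": {"ResourceRole": "ACTOR", "Count": 14,
     "Action": {"NetworkConnectionAction": {
       "ConnectionDirection": "OUTBOUND",
       "RemoteIpDetails": {"IpAddressV4": "198.51.100.23"},
       "RemotePortDetails": {"Port": 3389}}}}},
  {"Type": "UnauthorizedAccess:EC2/RDPBruteForce",
   "Resource": {"InstanceDetails": {"InstanceId": "i-0example0000000b"}},
   "Service": {"ResourceRole": "TARGET", "Count": 230,
     "Action": {"NetworkConnectionAction": {
       "ConnectionDirection": "INBOUND",
       "RemoteIpDetails": {"IpAddressV4": "203.0.113.77"},
       "LocalPortDetails": {"Port": 3389}}}}},
  {"Type": "Recon:EC2/PortProbeUnprotectedPort",
   "Resource": {"InstanceDetails": {"InstanceId": "i-0example0000000b"}},
   "Service": {"ResourceRole": "TARGET", "Count": 3, "Action": {}}}
]}
""")

FINDING_TYPE = "UnauthorizedAccess:EC2/RDPBruteForce"

def triage_rdp_bruteforce(findings):
    """Summarise RDP brute force findings; ACTOR instances sort first."""
    rows = []
    for f in findings:
        if f.get("Type") != FINDING_TYPE:
            continue  # ignore unrelated finding types
        svc = f.get("Service", {})
        conn = svc.get("Action", {}).get("NetworkConnectionAction", {})
        role = svc.get("ResourceRole", "UNKNOWN")
        rows.append({
            "instance": f.get("Resource", {}).get("InstanceDetails", {}).get("InstanceId"),
            "role": role,
            "direction": conn.get("ConnectionDirection"),
            "remote_ip": conn.get("RemoteIpDetails", {}).get("IpAddressV4"),
            "count": svc.get("Count", 0),
            # ACTOR: the instance is the source of the attempts, so treat it
            # as potentially compromised. TARGET: the instance is being attacked.
            "suspect_compromise": role == "ACTOR",
        })
    return sorted(rows, key=lambda r: (not r["suspect_compromise"], -r["count"]))

if __name__ == "__main__":
    for row in triage_rdp_bruteforce(SAMPLE["Findings"]):
        print(row)
```

The ACTOR row is the instance to isolate and hand to forensics; a TARGET row instead calls for reviewing who can reach the instance's RDP port.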

Team Discussion

  • What can you do to prepare for handling compromised EC2 instances within your company’s environment?
  • What could you do to help the forensics team?

Resources